General

  • Target

    Purchase Order.zip

  • Size

    461KB

  • Sample

    211017-nbxc4aceg6

  • MD5

    48715eb772287d084aafc8068902d20d

  • SHA1

    def5d1d0b0881e4de6f360e97eebc6f3289a8378

  • SHA256

    22c9f28b933a171961eeedbd66bbf3951e94ea12943c366a440addf8cb737e94

  • SHA512

    cc3ecb688a7f2902266cc18b160077f9ecc6b4c0c747fcecd9657afe976deac87519c8df9384dd013326542bc16cf2a30e202d22f9e051f50ccb253cf712458f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ananthasuites.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Anantha225@#

Targets

    • Target

      Purchase Order.exe

    • Size

      735KB

    • MD5

      f8c04a79425fbd0bde8ee6dd132d655b

    • SHA1

      b10826eb64f5d2469df8f776df34405cee0d1d05

    • SHA256

      6459b80dbdfbf19a21456659f618c0e22693b4d2389e5cfbba864e5d2b85eb1a

    • SHA512

      3e02e41db2e64c12360972886ed83838c45d702f68d1bc07a47e613d1c8392d13ba393eb6cecbe18a7d4991229b7f6e89525d61bdb0dd77815422956b4c3d92d

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count  ID
  Credential Access   Credentials in Files      3      T1081
  Collection          Data from Local System    3      T1005
  Collection          Email Collection          1      T1114

Tasks